mu: 1.12.12 -> 1.12.13 #49611
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR | |
| on: | |
| pull_request_target: | |
| workflow_call: | |
| secrets: | |
| CACHIX_AUTH_TOKEN: | |
| required: true | |
| NIXPKGS_CI_APP_PRIVATE_KEY: | |
| required: true | |
| OWNER_APP_PRIVATE_KEY: | |
| # The Test workflow should not actually request reviews from owners. | |
| required: false | |
| OWNER_RO_APP_PRIVATE_KEY: | |
| required: true | |
| concurrency: | |
| group: pr-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-24.04-arm | |
| outputs: | |
| baseBranch: ${{ steps.prepare.outputs.base }} | |
| headBranch: ${{ steps.prepare.outputs.head }} | |
| mergedSha: ${{ steps.prepare.outputs.mergedSha }} | |
| targetSha: ${{ steps.prepare.outputs.targetSha }} | |
| systems: ${{ steps.prepare.outputs.systems }} | |
| touched: ${{ steps.prepare.outputs.touched }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| sparse-checkout-cone-mode: true # default, for clarity | |
| sparse-checkout: | | |
| ci/github-script | |
| - id: prepare | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| require('./ci/github-script/prepare.js')({ | |
| github, | |
| context, | |
| core, | |
| }) | |
| check: | |
| name: Check | |
| needs: [prepare] | |
| uses: ./.github/workflows/check.yml | |
| permissions: | |
| # cherry-picks | |
| pull-requests: write | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| OWNER_RO_APP_PRIVATE_KEY: ${{ secrets.OWNER_RO_APP_PRIVATE_KEY }} | |
| with: | |
| baseBranch: ${{ needs.prepare.outputs.baseBranch }} | |
| headBranch: ${{ needs.prepare.outputs.headBranch }} | |
| mergedSha: ${{ needs.prepare.outputs.mergedSha }} | |
| targetSha: ${{ needs.prepare.outputs.targetSha }} | |
| lint: | |
| name: Lint | |
| needs: [prepare] | |
| uses: ./.github/workflows/lint.yml | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| with: | |
| mergedSha: ${{ needs.prepare.outputs.mergedSha }} | |
| targetSha: ${{ needs.prepare.outputs.targetSha }} | |
| eval: | |
| name: Eval | |
| needs: [prepare] | |
| uses: ./.github/workflows/eval.yml | |
| permissions: | |
| # compare | |
| statuses: write | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| with: | |
| mergedSha: ${{ needs.prepare.outputs.mergedSha }} | |
| targetSha: ${{ needs.prepare.outputs.targetSha }} | |
| systems: ${{ needs.prepare.outputs.systems }} | |
| testVersions: ${{ contains(fromJSON(needs.prepare.outputs.touched), 'pinned') && !contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development') }} | |
| labels: | |
| name: Labels | |
| needs: [prepare, eval] | |
| uses: ./.github/workflows/labels.yml | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| secrets: | |
| NIXPKGS_CI_APP_PRIVATE_KEY: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} | |
| with: | |
| headBranch: ${{ needs.prepare.outputs.headBranch }} | |
| reviewers: | |
| name: Reviewers | |
| needs: [prepare, eval] | |
| if: | | |
| needs.prepare.outputs.targetSha && | |
| !contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development') | |
| uses: ./.github/workflows/reviewers.yml | |
| secrets: | |
| OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }} | |
| build: | |
| name: Build | |
| needs: [prepare] | |
| uses: ./.github/workflows/build.yml | |
| secrets: | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| with: | |
| baseBranch: ${{ needs.prepare.outputs.baseBranch }} | |
| mergedSha: ${{ needs.prepare.outputs.mergedSha }} | |
| # This job's only purpose is to serve as a target for the "Required Status Checks" branch ruleset. | |
| # It "needs" all the jobs that should block merging a PR. | |
| # If they pass, it is skipped — which counts as "success" for purposes of the branch ruleset. | |
| # However, if any of them fail, this job will also fail — thus blocking the branch ruleset. | |
| no-pr-failures: | |
| # Modify this list to add or remove jobs from required status checks. | |
| needs: | |
| - check | |
| - lint | |
| - eval | |
| - build | |
| # WARNING: | |
| # Do NOT change the name of this job, otherwise the rule will not catch it anymore. | |
| # This would prevent all PRs from merging. | |
| name: no PR failures | |
| # A single job is "cancelled" when it hits its timeout. This is not the same | |
| # as "skipped", which happens when the `if` condition doesn't apply. | |
| # The "cancelled()" function only checks the whole workflow, but not individual | |
| # jobs. | |
| if: ${{ failure() || contains(needs.*.result, 'cancelled') }} | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - run: exit 1 |